In general, the disclosure describes examples where a single software-defined network (SDN) controller establishes tunnels and controls communication on these tunnels between a plurality of virtual computing environments (VCEs). The SDN controller establishes the logical tunnel mesh to interconnect the plurality of VCEs in the multi-cloud network via respective connect gateway routers. To establish the logical tunnel mesh, the SDN controller is configured to determine one or more logical tunnels from the logical tunnel mesh to establish one or more communication links between a first VCE and a second VCE of the plurality of VCEs in the multi-cloud network. The SDN controller is configured to advertise the one or more logical tunnels to the first VCE and the second VCE.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A system comprising: a plurality of virtual computing environments (VCEs) in a multi-cloud network; a plurality of connect gateway routers, wherein each connect gateway router is associated with a logical endpoint within a logical tunnel mesh for respective VCEs; and a single software-defined networking (SDN) controller, executing on processing circuitry, configured to: establish the logical tunnel mesh to interconnect the plurality of VCEs in the multi-cloud network via respective connect gateway routers, wherein to establish the logical tunnel mesh, the SDN controller is configured to determine one or more logical tunnels from the logical tunnel mesh to establish one or more communication links between a first VCE and a second VCE of the plurality of VCEs in the multi-cloud network; and advertise the one or more logical tunnels to the first VCE and the second VCE.
2. The system of claim 1, wherein at least one of the VCEs includes a key server configured to generate certificates to be deployed to one or more of the VCEs for encrypted communication.
3. The system of claim 2, wherein the SDN controller is configured to cause the key server to generate certificates during the establishing of the logical tunnel mesh.
4. The system of claim 1, wherein to establish the logical tunnel mesh, the SDN controller is configured to establish Internet Protocol Security (IPSec) sessions between the connect gateway routers of respective VCEs.
5. The system of claim 1, wherein to advertise the one or more logical tunnels, the SDN controller is configured to advertise the one or more logical tunnels via Border Gateway Protocol (BGP).
6. The system of claim 1, further comprising one or more virtual machines executing on one or more servers, wherein the one or more virtual machines form an infrastructure for the first VCE, and wherein at least one of the one or more virtual machines executes a connect gateway router to form the logical endpoint for the first VCE.
7. The system of claim 6, wherein the one or more virtual machines comprise a first set of one or more virtual machines, the one or more servers comprise a first set of one or more servers, and the connect gateway router comprises a first connect gateway router, the system further comprising a second set of one or more virtual machines executing on a second set of one or more servers, wherein the second set of one or more virtual machines form an infrastructure for the second VCE, wherein at least one of the second set of one or more virtual machines executes a second connect gateway router to form the logical endpoint for the second VCE, and wherein the SDN controller is configured to establish a logical tunnel of the logical tunnel mesh that interconnects the first connect gateway router and the second connect gateway router.
8. A method comprising: establishing, with a single software-defined networking (SDN) controller executing on processing circuitry, a logical tunnel mesh to interconnect a plurality of virtual computing environments (VCEs) in a multi-cloud network via respective connect gateway routers, wherein each connect gateway router is associated with a logical endpoint within a logical tunnel mesh for respective VCEs, and wherein establishing the logical tunnel mesh comprises determining one or more logical tunnels from the logical tunnel mesh to establish one or more communication links between a first VCE and a second VCE of the plurality of VCEs in the multi-cloud network; and advertising the one or more logical tunnels to the first VCE and the second VCE.
9. The method of claim 8, further comprising generating certificates, via a key server in at least one of the VCEs, to be deployed to one or more of the VCEs for encrypted communication.
10. The method of claim 9, further comprising causing, with the SDN controller, the key server to generate certificates during the establishing of the logical tunnel mesh.
11. The method of claim 8, wherein establishing the logical tunnel mesh comprises establishing Internet Protocol Security (IPSec) sessions between the connect gateway routers of respective VCEs.
12. The method of claim 8, wherein advertising the one or more logical tunnels comprises advertising the one or more logical tunnels via Border Gateway Protocol (BGP).
13. The method of claim 8, further comprising: executing one or more virtual machines on one or more servers, wherein the one or more virtual machines form an infrastructure for the first VCE; and executing a connect gateway router on at least one of the one or more virtual machines to form the logical endpoint for the first VCE.
14. The method of claim 13, wherein the one or more virtual machines comprise a first set of one or more virtual machines, the one or more servers comprise a first set of one or more servers, and the connect gateway router comprises a first connect gateway router, the method further comprising: executing a second set of one or more virtual machines on a second set of one or more servers, wherein the second set of one or more virtual machines form an infrastructure for the second VCE; executing a second connect gateway router on at least one of the second set of one or more virtual machines to form the logical endpoint for the second VCE; and establishing a logical tunnel of the logical tunnel mesh that interconnects the first connect gateway router and the second connect gateway router.
15. A computer-readable storage medium storing instructions thereon that when executed cause one or more processors, via execution of a single software-defined networking (SDN) controller, to: establish, by execution of the SDN controller, a logical tunnel mesh to interconnect a plurality of virtual computing environments (VCEs) in a multi-cloud network via respective connect gateway routers, wherein each connect gateway router is associated with a logical endpoint within a logical tunnel mesh for respective VCEs, and wherein the instructions that cause the one or more processors, via execution of the SDN controller, to establish the logical tunnel mesh comprise instructions that cause the one or more processors, via execution of the SDN controller, to determine one or more logical tunnels from the logical tunnel mesh to establish one or more communication links between a first VCE and a second VCE of the plurality of VCEs in the multi-cloud network; and advertise the one or more logical tunnels to the first VCE and the second VCE.
16. The computer-readable storage medium of claim 15, further comprising instructions that cause the one or more processors, via execution of the SDN controller, to generate certificates, via a key server in at least one of the VCEs, to be deployed to one or more of the VCEs for encrypted communication.
17. The computer-readable storage medium of claim 16, further comprising instructions that cause the one or more processors, via execution of the SDN controller, to cause the key server to generate certificates during the establishing of the logical tunnel mesh.
18. The computer-readable storage medium of claim 15, wherein the instructions that cause the one or more processors, via execution of the SDN controller, to establish the logical tunnel mesh comprise instructions that cause the one or more processors, via execution of the SDN controller, to establish Internet Protocol Security (IPSec) sessions between the connect gateway routers of respective VCEs.
19. The computer-readable storage medium of claim 15, wherein the instructions that cause the one or more processors, via execution of the SDN controller, to advertise the one or more logical tunnels comprise instructions that cause the one or more processors, via execution of the SDN controller, to advertise the one or more logical tunnels via Border Gateway Protocol (BGP).
20. The computer-readable storage medium of claim 15, further comprising instructions that cause the one or more processors, via execution of the SDN controller, to: execute one or more virtual machines on one or more servers, wherein the one or more virtual machines form an infrastructure for the first VCE; and execute a connect gateway router on at least one of the one or more virtual machines to form the logical endpoint for the first VCE.
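The control flow the abstract and claims describe (one controller establishes the mesh, has the key server issue certificates while doing so, picks the tunnel or tunnels that link a first and second VCE, then advertises them to both) is modelled below in Python. This is an added illustration, not code from the patent or its assignee. The class names, the key server's enrollment allowlist, the underlay reachability table and the route format are assumptions that stand in for the X.509 issuance, IKEv2/IPsec session setup and BGP advertisement the claims recite; installing a route on an intermediate gateway when no direct tunnel exists is likewise an assumption beyond the claim text.

```python
# Added example modelling the claimed control flow; not the patent's own code.
# Class names, the enrollment allowlist, the underlay reachability table and the
# route format are assumptions standing in for X.509 issuance, IKEv2/IPsec and BGP.
from __future__ import annotations
from collections import deque
from dataclasses import dataclass, field
from itertools import combinations
import hashlib

@dataclass(frozen=True)
class Certificate:
    subject: str    # gateway identity the cert binds
    issuer: str     # key server that issued it
    not_after: int  # expiry, a plain counter in this model

@dataclass
class ConnectGateway:
    name: str
    endpoint: str                    # underlay address the IPsec session terminates on
    cert: Certificate | None = None

@dataclass
class Vce:
    name: str
    prefix: str                      # overlay prefix this VCE owns
    gateway: ConnectGateway
    routes: dict = field(default_factory=dict)  # prefix -> next-hop tunnel endpoint

class KeyServer:
    """Runs inside one VCE (claim 2); only the controller asks it for certificates."""
    def __init__(self, name, now, enrolled):
        self.name, self.now, self.enrolled = name, now, set(enrolled)
    def issue(self, subject, lifetime=3600):
        if subject not in self.enrolled:  # unknown gateway identity: refuse
            return None
        return Certificate(subject, self.name, self.now + lifetime)
    def trusts(self, cert):
        return cert is not None and cert.issuer == self.name and cert.not_after > self.now

class SdnController:
    def __init__(self, key_server, underlay_reachable):
        self.ks = key_server
        self.reachable = underlay_reachable  # (endpoint, endpoint) -> bool
        self.tunnels = {}                    # gw name -> {peer gw name: pseudo-SPI}
    def establish_mesh(self, vces):
        for v in vces:  # certificates are generated while the mesh is established (claim 3)
            v.gateway.cert = self.ks.issue(v.gateway.name)
        for x, y in combinations(vces, 2):
            self.open_ipsec_session(x.gateway, y.gateway)
        return self.tunnels
    def open_ipsec_session(self, g1, g2):
        """Tunnel exists only if both peers hold trusted certs and can reach each other."""
        if not (self.ks.trusts(g1.cert) and self.ks.trusts(g2.cert)):
            return False
        if not self.reachable(g1.endpoint, g2.endpoint):
            return False
        spi = hashlib.sha256("|".join(sorted([g1.endpoint, g2.endpoint])).encode()).hexdigest()[:8]
        self.tunnels.setdefault(g1.name, {})[g2.name] = spi
        self.tunnels.setdefault(g2.name, {})[g1.name] = spi
        return True
    def tunnels_between(self, first, second):
        """Shortest chain of tunnels (BFS) from first to second as (gw, gw) hops;
        [] when the two VCEs are not connected through the mesh."""
        src, dst = first.gateway.name, second.gateway.name
        prev, queue = {src: None}, deque([src])
        while queue and dst not in prev:
            cur = queue.popleft()
            for nxt in self.tunnels.get(cur, {}):
                if nxt not in prev:
                    prev[nxt] = cur
                    queue.append(nxt)
        if dst not in prev:
            return []
        hops, node = [], dst
        while prev[node] is not None:
            hops.append((prev[node], node))
            node = prev[node]
        return hops[::-1]
    def advertise(self, vces, first, second):
        """Install routes along the chosen tunnels only: each VCE on the path learns the
        far prefix via the adjacent gateway's endpoint (routes on intermediates: assumption)."""
        by_gw = {v.gateway.name: v for v in vces}
        hops = self.tunnels_between(first, second)
        for a, b in hops:
            by_gw[a].routes[second.prefix] = by_gw[b].gateway.endpoint
            by_gw[b].routes[first.prefix] = by_gw[a].gateway.endpoint
        return hops

def build_demo():
    """Constructed topology: three enrolled VCEs plus one whose gateway the key server
    does not know; clouds A and C have no direct underlay reachability."""
    a = Vce("vce-a", "10.1.0.0/16", ConnectGateway("gw-a", "198.51.100.1"))
    b = Vce("vce-b", "10.2.0.0/16", ConnectGateway("gw-b", "203.0.113.1"))
    c = Vce("vce-c", "10.3.0.0/16", ConnectGateway("gw-c", "192.0.2.1"))
    x = Vce("vce-x", "10.9.0.0/16", ConnectGateway("gw-x", "192.0.2.99"))
    blocked = {frozenset({"198.51.100.1", "192.0.2.1"})}
    ks = KeyServer("ks.vce-a", now=1000, enrolled=["gw-a", "gw-b", "gw-c"])
    ctl = SdnController(ks, lambda e1, e2: frozenset({e1, e2}) not in blocked)
    ctl.establish_mesh([a, b, c, x])
    return ctl, [a, b, c, x]
```

Running `build_demo()` and then `ctl.advertise(vces, a, c)` shows the two properties a practitioner would check in a real deployment of this design: a gateway the key server has not enrolled (`gw-x`) never gets a tunnel, however reachable it is on the underlay, and a route appears only on the VCEs the controller advertised to (`vce-x` learns nothing). Because the single controller both orders certificate issuance and decides what each VCE learns about the others, its own management interface is the trust boundary of the whole mesh and needs the same authentication and audit rigour as the key server.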
September 27, 2018
June 9, 2020